package top.infopub.security.util;

/**
 * xss处理特殊字符
 * 另请参见：StringEscapeUtils.escapeHtml4
 * @author Awoke
 * @version 2018年9月18日
 * @see HtmlClean
 * @since
 */
public class HtmlClean {

    /**
     * Xss过滤 特殊字符  如 < >，特殊字符可自行扩展
     * @param input
     * @return
     */
    public static String htmlSecurityEscape(String input) {
        StringBuilder result = null;
        if (input != null) {
            result = new StringBuilder();
            char[] characters = input.toCharArray();
            int length = characters.length;
            int i = 0;
            boolean special;
            while (i < length) {
                switch (characters[i]) {
                    /*case '\'':
                        result.append("&#39;");
                        break;*/
                    /*case '\"':
                        result.append("&quot;");
                        break;*/
                    case '\\':
                        special = false;
                        if (i < (length - 1)) {
                            char next = characters[i + 1];
                            if (next == 'x' || next == 'u' || next == 'U' || next == 'X'
                                || (next >= '0' && next <= '9')) {
                                special = true;
                            }
                        }
                        if (special) {
                            result.append("&#92;");
                        }
                        else {
                            result.append("\\");
                        }
                        break;
                    case '<':
                        result.append("&lt;");
                        break;
                    case '>':
                        result.append("&gt;");
                        break;
                    //				case '&'://防止二次转义 同时防止 &..&情况出现
                    //					special = false;
                    //					int position = position(characters, ';', length, (i+1) , 9 );
                    //					if( position != -1  ){
                    //						position = position(characters, '&', length, ( i+1) , position );
                    //						if( position == -1 ){
                    //							special = true;
                    //						}
                    //					}
                    //					if( special ){
                    //						result.append("&");
                    //					} else {
                    //						result.append("&amp;");
                    //					}
                    //					break;
                    case '/':
                        if ((i < length - 1) && characters[i + 1] == '*') {
                            result.append("&#47;&#42;");
                            i++ ;
                        }
                        else {
                            result.append("/");
                        }
                        break;
                    case '*':
                        if ((i < length - 1) && characters[i + 1] == '/') {
                            result.append("&#42;&#47;");
                            i++ ;
                        }
                        else {
                            result.append("*");
                        }
                        break;
                    default:
                        if (!(Character.getDirectionality(characters[i]) == Character.DIRECTIONALITY_RIGHT_TO_LEFT_ARABIC
                              || (Character.getDirectionality(characters[i]) == Character.DIRECTIONALITY_RIGHT_TO_LEFT_EMBEDDING) 
                              || (Character.getDirectionality(characters[i]) == Character.DIRECTIONALITY_RIGHT_TO_LEFT_OVERRIDE))) {
                            result.append(characters[i]);
                        }
                        break;
                }
                i++ ;
            }
        }
        return result != null ? result.toString() : null;
    }

    /** 转化( ) **/
    public static String specaialCharReplace(String input) {
        StringBuilder result = null;
        if (input != null) {
            result = new StringBuilder();
            char[] characters = input.toCharArray();
            int length = characters.length;
            int i = 0;
            while (i < length) {
                switch (characters[i]) {
                    case '(':
                        result.append("&#40;");
                        break;
                    case ')':
                        result.append("&#41;");
                        break;
                    default:
                        result.append(characters[i]);
                        break;
                }
                i++ ;
            }
        }
        return result != null ? result.toString().replaceAll("\n", "").replaceAll("\r", "") : null;
    }

    public static void main(String[] args) {

        System.out.println(htmlSecurityEscape("\"onmouce=alert"));

    }

}
